2e47ff804b49726fe96ffdfddc6ae470N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2e47ff804b49726fe96ffdfddc6ae470N.exe
Size

1.5MB
MD5

2e47ff804b49726fe96ffdfddc6ae470
SHA1

043cc252cb32da53ee52d27e573863aa9974c2bd
SHA256

b538955059c4b9771e91ec3df615e65daf0128123c1b774625b414a391ed0a74
SHA512

603ab62679028155ef1c846b7a037d44cce4430cfa811d35b98c74c778e42f062bad180c38907814a17aae023e0a533df7916937b49e3fae50ba991e841c863b
SSDEEP

24576:7w+dChY2cl3Z+SiqkID5pFn01cwlr19syL6dYCl4nnfwAqfghGzDhlJVzLmh4GvG:7w+dChY2cl3Z+SiqkID5pFn01cwd191S

Score

1^/10

Malware Config

Signatures

Files

2e47ff804b49726fe96ffdfddc6ae470N.exe
.dll windows:6 windows x64 arch:x64

c3e1ef35bf3db12d7371fb4709f00c3e

Code Sign

0e:8d:9a:b5:47:20:c0:b1:54:1f:08:e4:b4:70:77:94
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/09/2017, 00:00

Not After

01/10/2020, 12:00

Subject

SERIALNUMBER=453 587 420 00044,CN=A-Volute,O=A-Volute,L=Roubaix,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:9b:0b:98:50:33:5c:bb:ad:30:cf:64:4a:ef:50:fb:a1:6b:f7:3b:39:49:3d:2f:86:0b:f1:98:1a:69:c5:bb
Signer

Actual PE Digest

4a:9b:0b:98:50:33:5c:bb:ad:30:cf:64:4a:ef:50:fb:a1:6b:f7:3b:39:49:3d:2f:86:0b:f1:98:1a:69:c5:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\BuildAgent\work\d188d2b64e530952\Out\Release\Win64\AudioGraphSettings\AGSWRC2\AGSWRC2.pdb

Imports

vccorlib140_app

?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
??0COMException@Platform@@QE$AAA@H@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??BIntPtr@Platform@@SAPEAXV01@@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
??0IntPtr@Platform@@QEAA@PEAX@Z
?__abi_translateCurrentException@@YAJ_N@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?UninitializeData@Details@Platform@@YAXH@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
??0Object@Platform@@QE$AAA@XZ

oleaut32

BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
SysFreeString
SysAllocString
LPSAFEARRAY_UserFree64
BSTR_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
SafeArrayPutElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreate
BSTR_UserSize

rpcrt4

RpcStringBindingComposeW
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcBindingFromStringBindingW
RpcStringFreeW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

msvcp140_app

_Cnd_wait
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
_Cnd_init_in_situ
_Mtx_init_in_situ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140_app

__std_type_info_destroy_list
_CxxThrowException
memset
_purecall
__std_exception_destroy
__std_exception_copy
memmove
__std_terminate
__CxxFrameHandler3
__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_initterm_e
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

wcslen

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3e1ef35bf3db12d7371fb4709f00c3e

Code Sign

0e:8d:9a:b5:47:20:c0:b1:54:1f:08:e4:b4:70:77:94Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4a:9b:0b:98:50:33:5c:bb:ad:30:cf:64:4a:ef:50:fb:a1:6b:f7:3b:39:49:3d:2f:86:0b:f1:98:1a:69:c5:bbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vccorlib140_app

oleaut32

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-1

msvcp140_app

kernel32

vcruntime140_app

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 671KB - Virtual size: 670KB

.rdata Size: 517KB - Virtual size: 516KB

.data Size: 257KB - Virtual size: 258KB

.pdata Size: 42KB - Virtual size: 41KB

.reloc Size: 33KB - Virtual size: 32KB

0e:8d:9a:b5:47:20:c0:b1:54:1f:08:e4:b4:70:77:94
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4a:9b:0b:98:50:33:5c:bb:ad:30:cf:64:4a:ef:50:fb:a1:6b:f7:3b:39:49:3d:2f:86:0b:f1:98:1a:69:c5:bb
Signer

.text
Size: 671KB - Virtual size: 670KB

.rdata
Size: 517KB - Virtual size: 516KB

.data
Size: 257KB - Virtual size: 258KB

.pdata
Size: 42KB - Virtual size: 41KB

.reloc
Size: 33KB - Virtual size: 32KB